class ReviewsController < ApplicationController

  before_filter :login_required, :find_article, :find_discipline
  access_control :destroy => 'admin'

  def new
  end

  def create
    @review = Review.new(params[:review].merge(:user => current_user, :document => @article.document))
    @article.reviews << @review

    respond_to do |format|
      if @article.save
        flash[:notice] = 'Review was successfully created.'
        format.html { redirect_to discipline_article_path(@discipline, @article) }
      else
        format.html { render :action => 'new' }
      end
    end
  end

  def destroy
    @review = @article.reviews.find(params[:id])
    @review.destroy
    flash[:notice] = 'Review was successfully deleted.'
    redirect_to discipline_article_path(@discipline, @article)
  end

  def show
    # this is a spider trying to get here
    permission_denied
  end

  protected

  def find_article
    @article = Article.find(params[:article_id])
  end

end
